Blank PHP Emails

一生所求 2021-01-27 16:44

There's a lot of blank php email posts on here but none of them have solved this for me.

I tweaked this simple php code I found to simply email a specified email addres

2 answers
  •  暗喜 (original poster)
    2021-01-27 17:28

    As none of the other answers have covered the issue of validation apart from the one accepted, but if you're going to do that you might as well just use the extract() function, (it also won’t protect from header injection or email validation).

    It’s very important to validate user input and add a layer of simple CSRF protection, else bots or spammers can directly POST to your PHP and it will send you a bombardment of emails, you won’t see the forest for the trees (legit emails), or worse inject headers into your inputEmail field and send their own emails using your server which is obviously something you don't want to happen.

    Also I’ve added an easy way that you can pass errors from your PHP script that sends the user back to the form for you to echo out.

    So for the send_form_email.php file.

    '."\r\n";
            $headers.="X-Mailer: PHP"."\r\n";
    
            if(mail('test@gmail.com', 'Website email form: '.$name, $message, $headers)){
                $_SESSION['email_status'] = "We've received your contact information";
                //send to success page
                exit(header("Location: http://wetzelscontracting.com/postcontact.html"));
            }else {
                $_SESSION['email_status'] = 'There was an error sending the mail';
                //backup to file
                file_put_contents('mail.log.txt',print_r($_POST, true).PHP_EOL, FILE_APPEND);
            }
        }else{
    
            //store the error first, exit() ends the script so nothing after it runs
            $_SESSION['email_error'] = $error;
            //assuming its this url
            exit(header("Location: http://wetzelscontracting.com/contact.php"));
        }
    
    }else{
        //stop multiple attempts
        unset($_SESSION['csrf']);
    
        //dont allow GET request/direct access
        exit(header("Location: http://wetzelscontracting.com/contact.php"));
    
    }
    ?>
    

    Then in your page with the form, start a session to read from the $_SESSION array, and then echo out your errors if any.
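
The checks the answer describes (CSRF token, input validation, rejecting CR/LF so a field cannot inject mail headers), as an added example that is not part of the original answer. The field names inputName and inputMessage, the `csrf` field name and the sample requests are assumptions; only inputEmail is named in the answer.

```php
<?php
// Added example, not the answer's code. inputName/inputMessage and the
// 'csrf' field name are assumptions; only inputEmail is named in the answer.

function csrf_ok(array $session, array $post): bool
{
    // hash_equals() compares in constant time; both sides must be strings.
    return is_string($session['csrf'] ?? null)
        && is_string($post['csrf'] ?? null)
        && hash_equals($session['csrf'], $post['csrf']);
}

function validate_contact(array $post): array
{
    // Non-string values (e.g. inputEmail[]=x) are treated as empty.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name = $get('inputName');
    $email = $get('inputEmail');
    $message = $get('inputMessage');
    $errors = [];

    // The page's code puts $name in the subject; the email is assumed to go
    // into a From/Reply-To header. A CR or LF in either starts a new header line.
    if ($name === '' || preg_match('/[\r\n]/', $name)) {
        $errors['inputName'] = 'Please enter your name on a single line';
    }
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['inputEmail'] = 'Please enter a valid email address';
    }
    if ($message === '') {
        $errors['inputMessage'] = 'Please enter a message';
    }
    return [compact('name', 'email', 'message'), $errors];
}

// Constructed sample requests: legitimate, header injection attempt, missing token.
$session = ['csrf' => bin2hex(random_bytes(16))];
$base = ['inputName' => 'Ann', 'inputEmail' => 'ann@example.com', 'inputMessage' => 'Hi'];
$samples = [
    'legit'     => $base + ['csrf' => $session['csrf']],
    'injection' => ['inputEmail' => "ann@example.com\r\nBcc: list@example.net"] + $base + ['csrf' => $session['csrf']],
    'no token'  => $base,
];
foreach ($samples as $label => $post) {
    [$clean, $errors] = validate_contact($post);
    $ok = csrf_ok($session, $post) && !$errors;
    echo $label, ': ', $ok ? 'send' : 'reject', ' ', json_encode(array_keys($errors)), PHP_EOL;
}
```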

    
    
    
    


